Ahoj,
při každém kliknutí, nebo jakékoliv aktualizaci(třeba onlajny.cz) mi vyskočí okýnko a v něm
SYSTEM ERROR!
Your system was infected by zlob trojan.
It´s very dangerous for your system(critical data can be lost)!
pak tam je odkaz na stažení ANTIMALWARE, kterej by mi měla vyčistit hard disk. Sice jsem nechtěl ale stáhl jsem to. Ale okýnka mi vyskakujou pořád. Poslechl jsem rad na chatu a stáhl SPYWARE TERMINATOR a ASHAMPOO. Ani jedna z těch věcí mi nepomohla.
Log z HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:37, on 5.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Rev\cftmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN9.tmp
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Media Codec - {547f4e57-9025-403b-b619-073854a60da1} - C:\WINDOWS\kiasys.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Rev\cftmon.exe
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Rev\cftmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [WintelUpdate] c:\icxh.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [aromis] C:\WINDOWS\aromis.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O8 - Extra context menu item: crawler search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
O21 - SSODL: CheckWeb - {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\system32\cryper.dll
O23 - Service: aasw2_service - Unknown owner - C:\DOCUME~1\Rev\LOCALS~1\Temp\1\svchost.exe
O23 - Service: Avg7Alrt - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: Avg7UpdSvc - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVGEMS - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
O23 - Service: ERSvc - Unknown owner - C:\DOCUME~1\Rev\LOCALS~1\Temp\1\svchost.exe
O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Rev\ie_updates3r.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plánovač úloh (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7340 bytes
spyware a trojani
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: spyware a trojani
tak tě vítám na PC-HELP 
a řeknu ti rovnou-je to brutal 
že ani nevim kde začít. nejlepší bude když zkontroluješ firewall ve win,jestli běží (ovládací panely)
spust služby - napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
najdi
ERSvc
Plánovač úloh (Schedule)
CcEvtSvc
Google Online Services
aasw2_service
zastav a typ spuštění dej na zakázáno
vypni obnovu systému
pravím na Tento počítač>vlastnosti>obnova systému a zaškrtni a ok a potvrdit
až budem hotoví,tak si jí zase zapni opačným postupem
potom v [u]nouzovém režimu[/u]
bez práce v síti-vypni štíty antiviru i antispyware a použij tyto dva nástroje
COMBOFIX
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
SDFIX
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah. + opět nový hijackthis z normálního režimu,do kterého než najedeš,tak opět spust všechny štíty než se připojíš
//momentálně se zdá,že antivir znefunkčnili brebery,pokud jsi ty štíty nevypnul sám
a řeknu ti rovnou-je to brutal že ani nevim kde začít. nejlepší bude když zkontroluješ firewall ve win,jestli běží (ovládací panely)
spust služby - napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
najdi
ERSvc
Plánovač úloh (Schedule)
CcEvtSvc
Google Online Services
aasw2_service
zastav a typ spuštění dej na zakázáno
vypni obnovu systému
pravím na Tento počítač>vlastnosti>obnova systému a zaškrtni a ok a potvrdit
až budem hotoví,tak si jí zase zapni opačným postupem
potom v [u]nouzovém režimu[/u]
bez práce v síti-vypni štíty antiviru i antispyware a použij tyto dva nástroje
COMBOFIX
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
SDFIX
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah. + opět nový hijackthis z normálního režimu,do kterého než najedeš,tak opět spust všechny štíty než se připojíš
//momentálně se zdá,že antivir znefunkčnili brebery,pokud jsi ty štíty nevypnul sám
Re: spyware a trojani
Log z Comba:
ComboFix 08-04-04.1 - Rev 2008-04-05 19:48:48.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.165 [GMT 2:00]
Running from: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
C:\WINDOWS\nqaplwj.sys
C:\WINDOWS\qalwpmdgt.sys
c:\windows\system32\Drivers\Rag41.sys
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\WLCtrl32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CCEVTSVC
-------\Legacy_RAG41
-------\Service_CcEvtSvc
-------\Service_qalwpmdgt
-------\Service_Rag41
-------\Service_rag41
-------\Legacy_Schedule
-------\nqaplwj
-------\Schedule
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-04-05 19:53 . 185 C:\1.reg
2008-04-05 19:45 . 2008-04-05 19:45 1,612,984 --a------ C:\ComboFix.exe
2008-04-05 18:13 . 2008-04-05 18:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 18:13 . 2008-04-05 18:13 812,344 --a------ C:\HJTInstall.exe
2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\Ashampoo
2008-04-05 13:29 . 2008-04-05 13:29 31,347,376 --a------ C:\ashampoo_antispyware202_sm.exe
2008-04-05 13:12 . 2008-04-05 13:12 <DIR> d-------- C:\Program Files\Files-Secure
2008-04-05 12:11 . 2008-04-05 18:17 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-05 12:11 . 2008-04-05 12:12 <DIR> d-------- C:\Program Files\Crawler
2008-04-05 12:11 . 2008-04-05 12:11 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-05 12:10 . 2008-04-05 12:11 10,067,136 --a------ C:\SpywareTerminatorSetup.exe
2008-04-04 12:59 . 2008-04-05 06:43 77,000 --a------ C:\icxh.exe
2008-04-04 12:59 . 2008-04-04 12:59 8,704 --a------ C:\WINDOWS\system32\drivers\smss.exe
2008-04-04 12:58 . 2008-04-04 12:58 261,632 --a------ C:\WINDOWS\system32\cryper.dll
2008-04-04 12:58 . 2008-04-04 12:58 52,174 --a------ C:\WINDOWS\system32\config\systemprofile\cftmon.exe
2008-04-04 12:58 . 2008-04-04 12:58 39,424 --a------ C:\WINDOWS\system32\vesp494.exe
2008-04-04 09:18 . 2008-04-04 09:18 15,363 --a------ C:\WINDOWS\system32\vesp468.exe
2008-04-03 23:32 . 2008-04-05 13:17 47,203 --a------ C:\Documents and Settings\Rev\cftmon.exe
2008-04-03 23:29 . 2008-04-03 23:31 40,970 --a------ C:\WINDOWS\aromis.config
2008-04-03 23:28 . 2008-04-03 23:28 <DIR> dr------- C:\Documents and Settings\LocalService\Oblˇben‚ polo§ky
2008-04-03 23:28 . 2008-04-03 23:28 204,800 --a------ C:\WINDOWS\kiasys.dll
2008-04-03 23:28 . 2008-04-03 23:28 139,776 --a------ C:\WINDOWS\aromis.exe
2008-04-03 23:28 . 2008-04-03 23:28 14,336 --a------ C:\WINDOWS\system32\vesp472.exe
2008-04-03 23:28 . 2008-04-03 23:28 11,264 --a------ C:\WINDOWS\system32\vesp282.exe
2008-04-03 23:28 . 2008-04-05 13:09 10,752 --a------ C:\WINDOWS\system32\WLCtrl32.dll.ren
2008-04-03 23:27 . 2008-04-04 09:18 21,628 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-03 23:27 . 2008-04-03 23:27 11,264 --a------ C:\WINDOWS\system32\vesp486.exe
2008-04-03 23:26 . 2008-04-03 23:26 7,680 --a------ C:\WINDOWS\system32\vesp463.exe
2008-04-03 23:25 . 2008-04-05 12:16 423 --a------ C:\WINDOWS\system32\jdpfeo.tmp
2008-03-31 10:08 . 2008-03-31 10:08 7,168 --a------ C:\Documents and Settings\Rev\admin.exe
2008-03-29 22:11 . 2008-03-29 22:13 205,960,639 --a------ C:\pornoakce6-full_lq.wmv
2008-03-22 21:08 . 2008-03-26 21:10 <DIR> d-------- C:\Program Files\bwin
2008-03-22 21:08 . 2008-03-22 21:08 528,840 --a------ C:\NetInstallbwinPoker.exe
2008-03-22 18:46 . 2008-03-22 18:47 1,939,090 --a------ C:\6.wmv
2008-03-22 18:46 . 2008-03-22 18:46 1,939,090 --a------ C:\5.wmv
2008-03-22 18:46 . 2008-03-22 18:46 1,931,090 --a------ C:\1.wmv
2008-03-22 18:46 . 2008-03-22 18:46 1,931,090 --a------ C:\04.wmv
2008-03-22 18:46 . 2008-03-22 18:46 1,923,096 --a------ C:\03.wmv
2008-03-22 18:45 . 2008-03-22 18:46 1,931,090 --a------ C:\02.wmv
2008-03-17 14:55 . 2008-03-31 10:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 14:50 . 2008-03-17 14:50 <DIR> d-------- C:\WINDOWS\Cache
2008-03-17 14:48 . 2004-07-20 18:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-17 14:48 . 2004-07-20 18:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-17 14:48 . 2004-07-20 18:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-17 14:48 . 2004-07-09 10:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-03-17 14:48 . 2004-07-20 18:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-17 14:48 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-17 14:48 . 2000-06-26 12:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-17 14:48 . 2001-06-26 09:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-03-17 14:47 . 2008-03-17 14:47 <DIR> d-------- C:\WINDOWS\InCD
2008-03-17 14:47 . 2008-03-17 14:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-17 14:47 . 2008-03-17 14:48 <DIR> d-------- C:\Program Files\Ahead
2008-03-17 14:47 . 2004-09-07 12:09 2,146,304 --------- C:\WINDOWS\NuNinst.exe
2008-03-17 14:47 . 2004-09-07 17:27 91,136 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2008-03-17 14:47 . 2004-10-19 08:48 51,969 --------- C:\WINDOWS\NuNinst.cfg
2008-03-17 14:47 . 2004-09-07 17:27 28,544 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2008-03-17 14:47 . 2004-09-07 17:29 5,760 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2008-03-17 14:46 . 2003-12-05 11:46 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-03-17 14:45 . 2008-03-17 14:46 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2008-03-17 14:45 . 2008-03-17 14:45 <DIR> d-------- C:\Program Files\CyberLink
2008-03-17 14:45 . 2004-03-11 14:27 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-03-13 19:27 . 2008-03-23 12:37 6,656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-03-11 12:08 . 2008-03-11 19:39 <DIR> d-------- C:\strong_dc_205
2008-03-11 11:39 . 2008-03-11 12:04 <DIR> d-------- C:\Program Files\BitComet
2008-03-11 11:39 . 2008-03-11 11:39 <DIR> d-------- C:\Downloads
2008-03-11 01:35 . 2008-04-03 04:42 <DIR> d-------- C:\Program Files\GoQ - NetRadio
2008-03-09 14:12 . 2008-03-09 14:12 <DIR> d---s---- C:\Documents and Settings\Rev\UserData
2008-03-05 17:07 . 2008-03-05 17:07 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-05 17:06 . 2008-03-05 17:06 24,958,080 --a------ C:\Program Files\AdbeRdr810_cs_CZ.exe
2008-03-05 15:51 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-05 15:51 . 2008-03-05 15:51 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-05 15:50 . 2008-03-05 15:50 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-05 15:49 . 2008-03-05 15:50 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-05 15:30 . 2008-03-05 15:30 1,336,031 --a------ C:\Program Files\wrar371cz.exe
2008-03-05 14:37 . 2008-03-15 01:26 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-05 14:36 . 2008-03-05 14:38 <DIR> d-------- C:\Program Files\ICQ6
2008-03-05 14:35 . 2008-03-05 14:35 14,111,464 --a------ C:\Program Files\install_atlas_icq6.exe
2008-03-05 14:31 . 2008-03-05 14:56 <DIR> d-------- C:\Program Files\ParadisePoker
2008-03-05 14:30 . 2008-03-05 14:30 5,748,680 --a------ C:\Program Files\paradisepoker_com_cs_cs.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 16:51 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-03-17 12:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 16:00 --------- d-----w C:\Program Files\Google
2008-03-04 09:17 --------- d-----w C:\Program Files\Java
2008-03-04 09:15 --------- d-----w C:\Program Files\Common Files\Java
2008-03-03 15:49 --------- d-----w C:\Program Files\Nokia
2008-03-03 15:36 --------- d-----w C:\Program Files\DIFX
2008-03-03 15:35 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-03 12:45 --------- d-----w C:\Program Files\Common Files\DirectX
2008-03-02 11:27 --------- d-----w C:\Program Files\WinFast
2008-03-02 11:27 --------- d-----w C:\Program Files\Ulead Systems
2008-03-02 11:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-03-02 11:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-02 10:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 10:40 558,142 ----a-w C:\WINDOWS\java\Packages\6FPJLJRT.ZIP
2008-03-02 10:40 155,995 ----a-w C:\WINDOWS\java\Packages\ZJ7BHVDF.ZIP
2008-03-02 10:40 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{547f4e57-9025-403b-b619-073854a60da1}]
2008-04-03 23:28 204800 --a------ C:\WINDOWS\kiasys.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 16:49 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-12-22 16:40 5517312]
"nwiz"="nwiz.exe" [2004-12-22 16:40 1490944 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-12-22 16:40 86016]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 14:21 278528]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-04 10:48 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25 1400944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"'Ashampoo AntiSpyWare 2 Guard'"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-03-13 14:36 2316632]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-05 12:11 2957824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-02 20:30 219136]
"aromis"="C:\WINDOWS\aromis.exe" [2008-04-03 23:28 139776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CheckWeb"= {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\system32\cryper.dll [2008-04-04 12:58 261632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll 2008-04-03 23:28 9235 C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.ac3acm"= ac3acm.acm
"VIDC.wmv3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wek06.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-05 12:11]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 13:34]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 13:34]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 13:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 00:08]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]
S0 wek06;wek06;C:\WINDOWS\system32\Drivers\Wek06.sys []
S2 ntdmngr;Network DDE Transaction Manager;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
S3 fileobjinfo;STFileDriver;C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys []
S4 aasw2_service;aasw2_service;C:\DOCUME~1\Rev\LOCALS~1\Temp\1\svchost.exe [2008-03-31 10:08]
S4 Google Online Services;Google Online Services;C:\Documents and Settings\Rev\ie_updates3r.exe []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Ntdmngr
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 19:53:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dumprep.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-04-05 19:56:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 17:56:02
Adresářů: 7, Volných bajtů: 19,096,977,408
Adres ý…: 10, Volněch bajt…: 19,043,708,928
Log z SDfix:
SDFix: Version 1.166
Run by Rev on so 05.04.2008 at 20:19
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name:
Google Online Services
Path:
C:\Documents and Settings\Rev\ie_updates3r.exe -A
Google Online Services - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll - Deleted
C:\WINDOWS\aromis.exe - Deleted
C:\WINDOWS\aromis.config - Deleted
C:\WINDOWS\kiasys.dll - Deleted
C:\WINDOWS\system32\drivers\smss.exe - Deleted
C:\WINDOWS\system32\univrs32.dat - Deleted
Folder C:\Documents and Settings\All Users\Dokumenty\Settings - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 20:21:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!
Log z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:11, on 5.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ParadisePoker\poker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\ParadisePoker\poker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: crawler search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O21 - SSODL: CheckWeb - {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\system32\cryper.dll
O23 - Service: Avg7Alrt - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: Avg7UpdSvc - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVGEMS - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 6198 bytes
ComboFix 08-04-04.1 - Rev 2008-04-05 19:48:48.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.165 [GMT 2:00]
Running from: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\setup.exe
C:\WINDOWS\nqaplwj.sys
C:\WINDOWS\qalwpmdgt.sys
c:\windows\system32\Drivers\Rag41.sys
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\WLCtrl32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CCEVTSVC
-------\Legacy_RAG41
-------\Service_CcEvtSvc
-------\Service_qalwpmdgt
-------\Service_Rag41
-------\Service_rag41
-------\Legacy_Schedule
-------\nqaplwj
-------\Schedule
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-04-05 19:53 . 185 C:\1.reg
2008-04-05 19:45 . 2008-04-05 19:45 1,612,984 --a------ C:\ComboFix.exe
2008-04-05 18:13 . 2008-04-05 18:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 18:13 . 2008-04-05 18:13 812,344 --a------ C:\HJTInstall.exe
2008-04-05 13:34 . 2008-04-05 13:34 <DIR> d-------- C:\Program Files\Ashampoo
2008-04-05 13:29 . 2008-04-05 13:29 31,347,376 --a------ C:\ashampoo_antispyware202_sm.exe
2008-04-05 13:12 . 2008-04-05 13:12 <DIR> d-------- C:\Program Files\Files-Secure
2008-04-05 12:11 . 2008-04-05 18:17 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-05 12:11 . 2008-04-05 12:12 <DIR> d-------- C:\Program Files\Crawler
2008-04-05 12:11 . 2008-04-05 12:11 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-05 12:10 . 2008-04-05 12:11 10,067,136 --a------ C:\SpywareTerminatorSetup.exe
2008-04-04 12:59 . 2008-04-05 06:43 77,000 --a------ C:\icxh.exe
2008-04-04 12:59 . 2008-04-04 12:59 8,704 --a------ C:\WINDOWS\system32\drivers\smss.exe
2008-04-04 12:58 . 2008-04-04 12:58 261,632 --a------ C:\WINDOWS\system32\cryper.dll
2008-04-04 12:58 . 2008-04-04 12:58 52,174 --a------ C:\WINDOWS\system32\config\systemprofile\cftmon.exe
2008-04-04 12:58 . 2008-04-04 12:58 39,424 --a------ C:\WINDOWS\system32\vesp494.exe
2008-04-04 09:18 . 2008-04-04 09:18 15,363 --a------ C:\WINDOWS\system32\vesp468.exe
2008-04-03 23:32 . 2008-04-05 13:17 47,203 --a------ C:\Documents and Settings\Rev\cftmon.exe
2008-04-03 23:29 . 2008-04-03 23:31 40,970 --a------ C:\WINDOWS\aromis.config
2008-04-03 23:28 . 2008-04-03 23:28 <DIR> dr------- C:\Documents and Settings\LocalService\Oblˇben‚ polo§ky
2008-04-03 23:28 . 2008-04-03 23:28 204,800 --a------ C:\WINDOWS\kiasys.dll
2008-04-03 23:28 . 2008-04-03 23:28 139,776 --a------ C:\WINDOWS\aromis.exe
2008-04-03 23:28 . 2008-04-03 23:28 14,336 --a------ C:\WINDOWS\system32\vesp472.exe
2008-04-03 23:28 . 2008-04-03 23:28 11,264 --a------ C:\WINDOWS\system32\vesp282.exe
2008-04-03 23:28 . 2008-04-05 13:09 10,752 --a------ C:\WINDOWS\system32\WLCtrl32.dll.ren
2008-04-03 23:27 . 2008-04-04 09:18 21,628 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-03 23:27 . 2008-04-03 23:27 11,264 --a------ C:\WINDOWS\system32\vesp486.exe
2008-04-03 23:26 . 2008-04-03 23:26 7,680 --a------ C:\WINDOWS\system32\vesp463.exe
2008-04-03 23:25 . 2008-04-05 12:16 423 --a------ C:\WINDOWS\system32\jdpfeo.tmp
2008-03-31 10:08 . 2008-03-31 10:08 7,168 --a------ C:\Documents and Settings\Rev\admin.exe
2008-03-29 22:11 . 2008-03-29 22:13 205,960,639 --a------ C:\pornoakce6-full_lq.wmv
2008-03-22 21:08 . 2008-03-26 21:10 <DIR> d-------- C:\Program Files\bwin
2008-03-22 21:08 . 2008-03-22 21:08 528,840 --a------ C:\NetInstallbwinPoker.exe
2008-03-22 18:46 . 2008-03-22 18:47 1,939,090 --a------ C:\6.wmv
2008-03-22 18:46 . 2008-03-22 18:46 1,939,090 --a------ C:\5.wmv
2008-03-22 18:46 . 2008-03-22 18:46 1,931,090 --a------ C:\1.wmv
2008-03-22 18:46 . 2008-03-22 18:46 1,931,090 --a------ C:\04.wmv
2008-03-22 18:46 . 2008-03-22 18:46 1,923,096 --a------ C:\03.wmv
2008-03-22 18:45 . 2008-03-22 18:46 1,931,090 --a------ C:\02.wmv
2008-03-17 14:55 . 2008-03-31 10:12 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 14:50 . 2008-03-17 14:50 <DIR> d-------- C:\WINDOWS\Cache
2008-03-17 14:48 . 2004-07-20 18:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-17 14:48 . 2004-07-20 18:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-17 14:48 . 2004-07-20 18:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-17 14:48 . 2004-07-09 10:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-03-17 14:48 . 2004-07-20 18:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-17 14:48 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-17 14:48 . 2000-06-26 12:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-17 14:48 . 2001-06-26 09:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-03-17 14:47 . 2008-03-17 14:47 <DIR> d-------- C:\WINDOWS\InCD
2008-03-17 14:47 . 2008-03-17 14:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-17 14:47 . 2008-03-17 14:48 <DIR> d-------- C:\Program Files\Ahead
2008-03-17 14:47 . 2004-09-07 12:09 2,146,304 --------- C:\WINDOWS\NuNinst.exe
2008-03-17 14:47 . 2004-09-07 17:27 91,136 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2008-03-17 14:47 . 2004-10-19 08:48 51,969 --------- C:\WINDOWS\NuNinst.cfg
2008-03-17 14:47 . 2004-09-07 17:27 28,544 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2008-03-17 14:47 . 2004-09-07 17:29 5,760 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2008-03-17 14:46 . 2003-12-05 11:46 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-03-17 14:45 . 2008-03-17 14:46 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2008-03-17 14:45 . 2008-03-17 14:45 <DIR> d-------- C:\Program Files\CyberLink
2008-03-17 14:45 . 2004-03-11 14:27 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2008-03-13 19:27 . 2008-03-23 12:37 6,656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-03-11 12:08 . 2008-03-11 19:39 <DIR> d-------- C:\strong_dc_205
2008-03-11 11:39 . 2008-03-11 12:04 <DIR> d-------- C:\Program Files\BitComet
2008-03-11 11:39 . 2008-03-11 11:39 <DIR> d-------- C:\Downloads
2008-03-11 01:35 . 2008-04-03 04:42 <DIR> d-------- C:\Program Files\GoQ - NetRadio
2008-03-09 14:12 . 2008-03-09 14:12 <DIR> d---s---- C:\Documents and Settings\Rev\UserData
2008-03-05 17:07 . 2008-03-05 17:07 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-05 17:06 . 2008-03-05 17:06 24,958,080 --a------ C:\Program Files\AdbeRdr810_cs_CZ.exe
2008-03-05 15:51 . 2003-06-19 02:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-05 15:51 . 2008-03-05 15:51 390 --a------ C:\WINDOWS\ODBC.INI
2008-03-05 15:50 . 2008-03-05 15:50 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-05 15:49 . 2008-03-05 15:50 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-05 15:30 . 2008-03-05 15:30 1,336,031 --a------ C:\Program Files\wrar371cz.exe
2008-03-05 14:37 . 2008-03-15 01:26 <DIR> d-------- C:\Program Files\ICQToolbar
2008-03-05 14:36 . 2008-03-05 14:38 <DIR> d-------- C:\Program Files\ICQ6
2008-03-05 14:35 . 2008-03-05 14:35 14,111,464 --a------ C:\Program Files\install_atlas_icq6.exe
2008-03-05 14:31 . 2008-03-05 14:56 <DIR> d-------- C:\Program Files\ParadisePoker
2008-03-05 14:30 . 2008-03-05 14:30 5,748,680 --a------ C:\Program Files\paradisepoker_com_cs_cs.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 16:51 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-03-17 12:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 16:00 --------- d-----w C:\Program Files\Google
2008-03-04 09:17 --------- d-----w C:\Program Files\Java
2008-03-04 09:15 --------- d-----w C:\Program Files\Common Files\Java
2008-03-03 15:49 --------- d-----w C:\Program Files\Nokia
2008-03-03 15:36 --------- d-----w C:\Program Files\DIFX
2008-03-03 15:35 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-03 12:45 --------- d-----w C:\Program Files\Common Files\DirectX
2008-03-02 11:27 --------- d-----w C:\Program Files\WinFast
2008-03-02 11:27 --------- d-----w C:\Program Files\Ulead Systems
2008-03-02 11:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-03-02 11:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-02 10:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 10:40 558,142 ----a-w C:\WINDOWS\java\Packages\6FPJLJRT.ZIP
2008-03-02 10:40 155,995 ----a-w C:\WINDOWS\java\Packages\ZJ7BHVDF.ZIP
2008-03-02 10:40 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{547f4e57-9025-403b-b619-073854a60da1}]
2008-04-03 23:28 204800 --a------ C:\WINDOWS\kiasys.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 16:49 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-12-22 16:40 5517312]
"nwiz"="nwiz.exe" [2004-12-22 16:40 1490944 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-12-22 16:40 86016]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 14:21 278528]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-04 10:48 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 15:25 1400944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"'Ashampoo AntiSpyWare 2 Guard'"="C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-03-13 14:36 2316632]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-05 12:11 2957824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 16:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-02 20:30 219136]
"aromis"="C:\WINDOWS\aromis.exe" [2008-04-03 23:28 139776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CheckWeb"= {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\system32\cryper.dll [2008-04-04 12:58 261632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll 2008-04-03 23:28 9235 C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.ac3acm"= ac3acm.acm
"VIDC.wmv3"= wmv9vcm.dll
"MSVideo8"= VfWWDM32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wek06.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-05 12:11]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 13:34]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 13:34]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 13:34]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 00:08]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]
S0 wek06;wek06;C:\WINDOWS\system32\Drivers\Wek06.sys []
S2 ntdmngr;Network DDE Transaction Manager;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
S3 fileobjinfo;STFileDriver;C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys []
S4 aasw2_service;aasw2_service;C:\DOCUME~1\Rev\LOCALS~1\Temp\1\svchost.exe [2008-03-31 10:08]
S4 Google Online Services;Google Online Services;C:\Documents and Settings\Rev\ie_updates3r.exe []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Ntdmngr
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 19:53:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dumprep.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-04-05 19:56:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 17:56:02
Adresářů: 7, Volných bajtů: 19,096,977,408
Adres ý…: 10, Volněch bajt…: 19,043,708,928
Log z SDfix:
SDFix: Version 1.166
Run by Rev on so 05.04.2008 at 20:19
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name:
Google Online Services
Path:
C:\Documents and Settings\Rev\ie_updates3r.exe -A
Google Online Services - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll - Deleted
C:\WINDOWS\aromis.exe - Deleted
C:\WINDOWS\aromis.config - Deleted
C:\WINDOWS\kiasys.dll - Deleted
C:\WINDOWS\system32\drivers\smss.exe - Deleted
C:\WINDOWS\system32\univrs32.dat - Deleted
Folder C:\Documents and Settings\All Users\Dokumenty\Settings - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 20:21:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!
Log z HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:11, on 5.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ParadisePoker\poker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\ParadisePoker\poker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: crawler search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O21 - SSODL: CheckWeb - {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\system32\cryper.dll
O23 - Service: Avg7Alrt - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: Avg7UpdSvc - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVGEMS - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 6198 bytes
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: spyware a trojani
fajn,to by šlo 
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O21 - SSODL: CheckWeb - {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\system32\cryper.dll
stáhni instalačku firewallu kterej si vybereš tady
vyber si tady,doporučuju ZoneAlarm,Comodo nebo Ashampoo
návod na ZA http://www.kn.vutbr.cz/docs/conf/zonealarm/
na comodo http://www.nforce.cz/modules.php?name=N ... cle&sid=18
Ashampoo Firewall free + čeština
a stahni i instalačku toho avg (i když já bych spíš doporučil avast)
odpoj se od sítě,přeinstaluj avg nebo odinstal a dej avast
odinstal i Ashampoo AntiSpyWare 2
nainstaluj firewall a opět se připoj k netu a pošli novej log z hijackthis a nějaký info ochování kompu
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O21 - SSODL: CheckWeb - {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\system32\cryper.dll
stáhni instalačku firewallu kterej si vybereš tady
vyber si tady,doporučuju ZoneAlarm,Comodo nebo Ashampoo
návod na ZA http://www.kn.vutbr.cz/docs/conf/zonealarm/
na comodo http://www.nforce.cz/modules.php?name=N ... cle&sid=18
Ashampoo Firewall free + čeština
a stahni i instalačku toho avg (i když já bych spíš doporučil avast)
odpoj se od sítě,přeinstaluj avg nebo odinstal a dej avast
odinstal i Ashampoo AntiSpyWare 2
nainstaluj firewall a opět se připoj k netu a pošli novej log z hijackthis a nějaký info ochování kompu
Re: spyware a trojani
Tak je to síla. V pravým dolním rohu mi vždycky naběhne nějaký okno ve kterým je znak jednosměrky a hned vedle zelená fajfka, která značí souhlas s něčím :-) Má to něco společnýho s tím Šamponem :-)
Tady je log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:56, on 5.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5764 bytes
Tady je log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:56, on 5.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5764 bytes
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: spyware a trojani
hele,měl si to zavirovaný od sklepa až po půdu. zajímá mě jak se chová komp ne firewall (to pořešíme později)
teď použij T-Cleaner smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
potom stáhni znova combofix na plochu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+nový log z hijackthis a to info o problému
teď použij T-Cleaner smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
potom stáhni znova combofix na plochu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Kód: Vybrat vše
File::
C:\WINDOWS\system32\cryper.dll
C:\WINDOWS\system32\config\systemprofile\cftmon.exe
C:\WINDOWS\system32\vesp494.exe
C:\WINDOWS\system32\vesp468.exe
C:\WINDOWS\system32\vesp472.exe
C:\WINDOWS\system32\vesp282.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\WINDOWS\system32\jdpfeo.tmp
C:\Documents and Settings\Rev\admin.exe
C:\WINDOWS\system32\univrs32.dat
C:\Program Files\AdbeRdr810_cs_CZ.exe
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{547f4e57-9025-403b-b619-073854a60da1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CheckWeb"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+nový log z hijackthis a to info o problému
Re: spyware a trojani
Ten cleaner mi nejde stáhnout. Kompl jinak jede v pohodě. Dokud jsem měl ten firewall od Ashampoo tak jsem net absolutně nedokázal spustit. Musel jsem ho odinstalovat.
tady je novej log po odinstalu firewallu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:35, on 6.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ParadisePoker\poker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5635 bytes
tady je novej log po odinstalu firewallu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:35, on 6.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ParadisePoker\poker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 5635 bytes
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: spyware a trojani
fajn. nainstaluj třeba comodo. ten ashampoo nejspíš nabořili šmejdi.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 3 hosti